Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/806857/?format=api
{ "id": 806857, "url": "http://patchwork.ozlabs.org/api/patches/806857/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/1503965694-10794-58-git-send-email-mdroth@linux.vnet.ibm.com/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1503965694-10794-58-git-send-email-mdroth@linux.vnet.ibm.com>", "list_archive_url": null, "date": "2017-08-29T00:14:32", "name": "[57/79] commit: Fix use after free in completion", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "c38e9c5e5a3bfd62392f38cf5aec1232bcec3ec3", "submitter": { "id": 5549, "url": "http://patchwork.ozlabs.org/api/people/5549/?format=api", "name": "Michael Roth", "email": "mdroth@linux.vnet.ibm.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/1503965694-10794-58-git-send-email-mdroth@linux.vnet.ibm.com/mbox/", "series": [ { "id": 281, "url": "http://patchwork.ozlabs.org/api/series/281/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=281", "date": "2017-08-29T00:13:45", "name": "Patch Round-up for stable 2.9.1, freeze on 2017-09-04", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/281/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/806857/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/806857/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": "ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)", "Received": [ "from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xh9670vJ8z9s7M\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 29 Aug 2017 10:50:23 +1000 (AEST)", "from localhost ([::1]:42077 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dmUjU-0006KB-W9\n\tfor incoming@patchwork.ozlabs.org; Mon, 28 Aug 2017 20:50:21 -0400", "from eggs.gnu.org ([2001:4830:134:3::10]:48544)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <mdroth@linux.vnet.ibm.com>) id 1dmUCh-0001YY-Qp\n\tfor qemu-devel@nongnu.org; Mon, 28 Aug 2017 20:16:31 -0400", "from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <mdroth@linux.vnet.ibm.com>) id 1dmUCe-0005oz-5j\n\tfor qemu-devel@nongnu.org; Mon, 28 Aug 2017 20:16:27 -0400", "from mx0b-001b2d01.pphosted.com ([148.163.158.5]:42402\n\thelo=mx0a-001b2d01.pphosted.com)\n\tby eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from <mdroth@linux.vnet.ibm.com>)\n\tid 1dmUCd-0005nj-Vf\n\tfor qemu-devel@nongnu.org; Mon, 28 Aug 2017 20:16:24 -0400", "from pps.filterd (m0098414.ppops.net [127.0.0.1])\n\tby mx0b-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id\n\tv7T0EBJ8019642\n\tfor <qemu-devel@nongnu.org>; Mon, 28 Aug 2017 20:16:23 -0400", "from e35.co.us.ibm.com (e35.co.us.ibm.com [32.97.110.153])\n\tby mx0b-001b2d01.pphosted.com with ESMTP id 2cmsfn2wme-1\n\t(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT)\n\tfor <qemu-devel@nongnu.org>; Mon, 28 Aug 2017 20:16:23 -0400", "from localhost\n\tby e35.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use\n\tOnly! Violators will be prosecuted\n\tfor <qemu-devel@nongnu.org> from <mdroth@linux.vnet.ibm.com>;\n\tMon, 28 Aug 2017 18:16:22 -0600", "from b03cxnp08027.gho.boulder.ibm.com (9.17.130.19)\n\tby e35.co.us.ibm.com (192.168.1.135) with IBM ESMTP SMTP Gateway:\n\tAuthorized Use Only! Violators will be prosecuted; \n\tMon, 28 Aug 2017 18:16:21 -0600", "from b03ledav002.gho.boulder.ibm.com\n\t(b03ledav002.gho.boulder.ibm.com [9.17.130.233])\n\tby b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with\n\tESMTP id v7T0GKCL64880854; Mon, 28 Aug 2017 17:16:20 -0700", "from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1])\n\tby IMSVA (Postfix) with ESMTP id 98A3E136040;\n\tMon, 28 Aug 2017 18:16:20 -0600 (MDT)", "from localhost (unknown [9.80.85.217])\n\tby b03ledav002.gho.boulder.ibm.com (Postfix) with ESMTP id\n\t6588713603C; Mon, 28 Aug 2017 18:16:20 -0600 (MDT)" ], "From": "Michael Roth <mdroth@linux.vnet.ibm.com>", "To": "qemu-devel@nongnu.org", "Date": "Mon, 28 Aug 2017 19:14:32 -0500", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1503965694-10794-1-git-send-email-mdroth@linux.vnet.ibm.com>", "References": "<1503965694-10794-1-git-send-email-mdroth@linux.vnet.ibm.com>", "X-TM-AS-GCONF": "00", "x-cbid": "17082900-0012-0000-0000-000014ECDC52", "X-IBM-SpamModules-Scores": "", "X-IBM-SpamModules-Versions": "BY=3.00007630; HX=3.00000241; KW=3.00000007;\n\tPH=3.00000004; SC=3.00000226; SDB=6.00909028; UDB=6.00455849;\n\tIPR=6.00689279; \n\tBA=6.00005557; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009;\n\tZB=6.00000000; \n\tZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00016909;\n\tXFM=3.00000015; UTC=2017-08-29 00:16:22", "X-IBM-AV-DETECTION": "SAVI=unused REMOTE=unused XFE=unused", "x-cbparentid": "17082900-0013-0000-0000-00004F43FB4E", "Message-Id": "<1503965694-10794-58-git-send-email-mdroth@linux.vnet.ibm.com>", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10432:, ,\n\tdefinitions=2017-08-28_13:, , signatures=0", "X-Proofpoint-Spam-Details": "rule=outbound_notspam policy=outbound score=0\n\tspamscore=0 suspectscore=1\n\tmalwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam\n\tadjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000\n\tdefinitions=main-1708290001", "X-detected-operating-system": "by eggs.gnu.org: GNU/Linux 3.x [generic] [fuzzy]", "X-Received-From": "148.163.158.5", "Subject": "[Qemu-devel] [PATCH 57/79] commit: Fix use after free in completion", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.21", "Precedence": "list", "List-Id": "<qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<http://lists.nongnu.org/archive/html/qemu-devel/>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Cc": "Kevin Wolf <kwolf@redhat.com>, qemu-stable@nongnu.org", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>" }, "content": "From: Kevin Wolf <kwolf@redhat.com>\n\nThe final bdrv_set_backing_hd() could be working on already freed nodes\nbecause the commit job drops its references (through BlockBackends) to\nboth overlay_bs and top already a bit earlier.\n\nOne way to trigger the bug is hot unplugging a disk for which\nblockdev_mark_auto_del() cancels the block job.\n\nFix this by taking BDS-level references while we're still using the\nnodes.\n\nCc: qemu-stable@nongnu.org\nSigned-off-by: Kevin Wolf <kwolf@redhat.com>\nReviewed-by: John Snow <jsnow@redhat.com>\n(cherry picked from commit 19ebd13ed45ad5d5f277f5914d55b83f13eb09eb)\nSigned-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>\n---\n block/commit.c | 7 +++++++\n 1 file changed, 7 insertions(+)", "diff": "diff --git a/block/commit.c b/block/commit.c\nindex 76a0d98..3bae46e 100644\n--- a/block/commit.c\n+++ b/block/commit.c\n@@ -89,6 +89,10 @@ static void commit_complete(BlockJob *job, void *opaque)\n int ret = data->ret;\n bool remove_commit_top_bs = false;\n \n+ /* Make sure overlay_bs and top stay around until bdrv_set_backing_hd() */\n+ bdrv_ref(top);\n+ bdrv_ref(overlay_bs);\n+\n /* Remove base node parent that still uses BLK_PERM_WRITE/RESIZE before\n * the normal backing chain can be restored. */\n blk_unref(s->base);\n@@ -124,6 +128,9 @@ static void commit_complete(BlockJob *job, void *opaque)\n if (remove_commit_top_bs) {\n bdrv_set_backing_hd(overlay_bs, top, &error_abort);\n }\n+\n+ bdrv_unref(overlay_bs);\n+ bdrv_unref(top);\n }\n \n static void coroutine_fn commit_run(void *opaque)\n", "prefixes": [ "57/79" ] }